MALWARE: Ragnar Locker

A new ransomware attack method takes defense evasion to a new level—deploying as a full virtual machine on each targeted device to hide the ransomware from view. In a recently detected attack, Ragnar Locker ransomware was deployed inside an Oracle VirtualBox Windows XP virtual machine. The attack payload was a 122 MB installer with a 282 MB virtual image inside—all to conceal a 49 kB ransomware executable.



Incidents Caused by this Malware

  • August 19, 2022: DESFA, Greece’s Natural Gas Supplier, Suffers Cyberattack
  • February 18, 2021: Bolpegas attacked by Ragnar Locker Ransomware
  • September 28, 2020: CMA CGM SA shutdown after attack with ransomeware
  • April 13, 2020: EDP Ransom Attack

Threat Actors Known to use this Malware

Pin It on Pinterest

Scroll to Top
Scroll to Top